contactless payments
play

CONTACTLESS PAYMENTS Joeri de Ruiter University of Birmingham - PowerPoint PPT Presentation

Feb 07, 2023 •249 likes •863 views

CONTACTLESS PAYMENTS Joeri de Ruiter University of Birmingham (some slides borrowed from Tom Chothia) Overview EMV Protocol Attacks EMV-Contactless Protocols Attacks Demo Stopping relay attacks What is

  1. CONTACTLESS PAYMENTS Joeri de Ruiter University of Birmingham (some slides borrowed from Tom Chothia)

  2. Overview ● EMV Protocol – Attacks – ● EMV-Contactless Protocols – Attacks – ● Demo ● Stopping relay attacks

  3. What is EMV? Standard for communication between chip based payment cards and terminals

  4. What is EMV? Developed and maintained Owned by

  5. What is EMV? ● Initiated in 1993 ● Worldwide over 1,5 billion cards ● Variants for contactless and internet banking ● Required for Single Euro Payment Area (SEPA)

  6. Why EMV? ● Reducing fraud by skimming – stolen credit cards used with forged signatures – card-not-present fraud (EMV-CAP) – ● Liability shift Merchant: if no EMV is used – Customer: if PIN is used –

  7. Complexity ● Specification over 700 pages (4 books) Book 1 - Application Independent ICC to Terminal Interface Requirements – Book 2 - Security and Key Management – Book 3 - Application Specification – Book 4 - Cardholder, Attendant, and Acquirer Interface Requirements – Additional proprietary specifications – ● Many options 3 card authentication methods – 5 cardholder authentication methods – 2 types of transactions – ● Everything can be parameterised using Data Object Lists (DOLs)

  8. Key set-up ● Card and issuer/bank: symmetric key (3DES) Authenticate transactions to bank – Usually bank has master key and card a derived key – ● Payment scheme: asymmetric keypair (RSA) Authenticate issuers – ● Issuer: asymmetric keypair (RSA) Authenticate cards – ● Cards (optional): asymmetric keypair (RSA) Authenticate cards/transactions to terminal –

  9. Key set-up ● Terminal Payment scheme's public keys – ● Card Issuer's public key certificate signed by payment scheme – Card's public key certificate signed by issuer –

  10. Communication ● ISO 7816 ● Master-slave ● Application Protocol Data Units (APDUs) Commands – CLA INS P1 P2 Lc Data Le Responses – Data SW1 SW2

  11. Communication ● VERIFY > 00 20 00 80 08 24 12 34 FF FF FF FF FF 00 20 – VERIFY ● 00 80 – Plaintext PIN ● 08 – Length data ● 24 12 34 FF FF FF FF FF – Data ● < 90 00 PIN code correct ●

  12. EMV session ● Initialisation ● Card authentication ● Cardholder verification ● Transaction ● (Scripting)

  13. Initialisation ● Read file 1PAY.SYS.DDF01 Contains list of EMV applets on card – ● Select EMV applet Processing Options Data Object List (PDOL) returned indicating data the – reader must provide to the card ● Send GET PROCESSING OPTIONS command Send data specified in PDOL – Application Interchange Profile (AIP) and Application File Locator (AFL) – returned AIP indicates support for, e.g., data authentication methods ● AFL lists available files ●

  14. Card authentication ● Static Data Authentication (SDA) Static data signed by issuer in Signed Static Authentication Data (SSAD) – Data to be included indicated in AFL and optionally the AIP added – READ RECORD Sig((PAN, PAN Seq.nr., …), skBank)

  15. Card authentication ● Dynamic Data Authentication (DDA) Public key cryptography used – Challenge/response mechanism – Challenge data specified by Dynamic Data Authentication Data Object – List (DDOL) READ RECORD Sig((PAN,..,pkCard), skBank), DDOL INTERNAL AUTH, nonceT Sig((nonceT, nonceK), skCard)

  16. Card authentication ● Combined Data Authentication (CDA) Transaction data signed – Data from PDOL, CDOL1, (CDOL2) and other data returned in – GENERATE AC command READ RECORD Sig((PAN,..,pkCard), skBank), CDOL1 GENERATE AC, amount, nonceT,.. Sig((amount, nonceT,.., AC), skCard)

  17. Cardholder verification methods (CVM) ● Based on a list of rules in the CVM List ● None ● Signature ● PIN code Offline – With or without encryption ● Online –

  18. CVM List Rule 0 If unattended cash: Enciphered PIN verified online Apply succeeding CV rule if this CVM is unsuccessful Rule 1 If manual cash: Enciphered PIN verified online Fail cardholder verification if this CVM is unsuccessful Rule 2 If terminal supports CVM: Enciphered PIN verification performed by card Fail cardholder verification if this CVM is unsuccessful Rule 3 If terminal supports CVM: Enciphered PIN verified online Fail cardholder verification if this CVM is unsuccessful Rule 4 Always: Plaintext PIN verification performed by card Fail cardholder verification if this CVM is unsuccessful

  19. Cardholder verification ● Plaintext PIN verification VERIFY '1234' OK (9000)

  20. Transaction ● Three different application cryptograms Transaction Certificate (TC) – Transaction approved ● Authorisation Request Cryptogram (ARQC) – Online authorisation requested ● Application Authentication Cryptogram (AAC) – Transaction declined ● ● Data used in GENERATE AC command specified by Card Risk Management Data Object Lists (CDOL1 and CDOL2) ● Issuer specific MAC over transaction data and Application Transaction Counter (ATC) using session key derived from symmetric key and ATC

  21. Transaction ● Offline Terminal request a TC in the GENERATE AC command – Card replies with a TC or AAC – ● Online Terminal initiated – Terminal requests an ARQC and card replies with an ARQC or AAC ● Card initiated – Terminal requests a TC and card replies with an ARQC ● Terminal forwards ARQC to the issuer and receives an Authorisation – Response Code (ARC) in return The ARC is included in in the EXTERNAL AUTHENTICATE or the second – GENERATE AC command to authenticate the issuer to the card Card replies with a TC or AAC –

  22. Attacking smartcards ● No direct copying possible ● Eavesdropping on communication Existing hardware used for pay TV and SIM cards – ● Active / wedge attacks Modifying traffic between card and terminal –

  23. Attacking smartcards

  24. Known weaknesses Skimming Data on magnetic stripe also on chip – Fake e.dentifiers ABN AMRO replaced in branches – 2008, 2009 ● 1,5 milion euro damages ● Download-card ●

  25. Known weaknesses Cloning SDA cards Possible for offline transactions – Only static data authenticated – Yes-card – All PIN codes accepted ● SDA no longer allowed for offline capable cards –

  26. Known weaknesses DDA man-in-the-middle attack Possible for offline transactions – Terminal cannot determine authenticity of a transaction – Transaction not connected to card authentication – INTERNAL AUTH, nonceT Sig((nonceT, nonceK), skKaart) GENERATE AC MitM AC

  27. Known weaknesses “Chip & PIN is broken” [Murdoch et al. 2010] Possible for both offline and online transactions – If card is not blocked ● If transaction without PIN are accepted ● Man-in-the-middle attack – All PIN codes accepted –

  28. Known weaknesses Source: https://www.cl.cam.ac.uk/research/security/banking/nopin/

  29. Known weaknesses “Chip & PIN is definitely broken” [Barisani et al. 2011] Rollback to plaintext PIN by modifying the CVM List – Possible to perform an online transaction in case of failed data – authentication Terminals in the Netherlands patched – Attack was still possible – Detected in backend ●

  30. EMV-Contactless ● 4 books Book A: Architecture and General Requirements – Book B: Entry Point – Book C: Kernel Specification – Book D: Contactless Communication Protocol – ● 7 variants for book C ● ISO 14443 ● All EMV applications listed in 2PAY.SYS.DDF01

  31. MasterCard PayPass ● Kernel 2 ● EMV mode ● Mag-stripe mode

  32. EMV mode ● No DDA ● Only one application cryptogram for online transactions ● Torn transactions can be restored using RECOVER AC command ● Terminal can store data on card in 'scratch pad'

  33. EMV mode Shop Card SELECT 2PAY.SYS.DDF01 AIDs of all payment applets SELECT MasterCard PayPass AID PDOL GET PROCESSING OPTION AIP, AFL

  34. EMV mode Shop Card READ RECORD PAN, issuer cert., card cert., CDOL1, ... GENERATE AC Unpredictable Number, .. Ks=Enc Kcard (ATC) Ks=Enc Kcard (ATC) AC=MAC Ks (amount,ATC,currency, AC=MAC Ks (amount,ATC,currency, UN,..) UN,..) SDAD=Sign(AC,amount,ATC, SDAD=Sign(AC,amount,ATC, currency,UN,..) currency,UN,..) SDAD, ATC

  35. Mag-stripe mode ● Backwards compatibility for old mag-stripe systems ● COMPUTE CRYPTOGRAPHIC CHECKSUM command to generate CVC3 (Card Verification Code) ● CVC3 based on Unpredictable Number (UN) – Application Transaction Counter – Secret Key – ● CVC3 and UN used to construct valid mag-stripe data

  36. Pre-play attack on mag-stripe mode ● “Cloning Credit Cards: A combined pre-play and downgrade attack on EMV Contactless” [Roland and Langer, 2013] ● Unpredictable Number provided in BCD notation ● Card indicates length of UN 1 to 3 digits in practice – ● Fallback possible To mag-stripe mode – To shorter UN –

  37. Visa payWave ● Kernel 1 and 3 ● EMV modes (VSDC and qVSDC) ● Mag-stripe mode (MSD) ● VSDC uses original EMV with minor changes ● qVSDC quite different from original EMV Minimises number of messages – fDDA – No separate command for cryptogram generation – ● No offline plaintext PIN allowed

  38. qVSDC (offline) Shop Card SELECT 2PAY.SYS.DDF01 AIDs of all payment apps. SELECT Visa app ID PDOL

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NFC Payment Spy: A Privacy Attack on Contactless Payments Maryam Mehrnezhad , Mohammed Ali, Feng

NFC Payment Spy: A Privacy Attack on Contactless Payments Maryam Mehrnezhad , Mohammed Ali, Feng

NFC Payment Spy: A Privacy Attack on Contactless Payments Maryam Mehrnezhad , Mohammed Ali, Feng Hao, Aad van Moorsel Newcastle University, UK SSR, 5 Dec 2016 Contactless Payment Contactless Cards (theukcardsassociation.org.uk) In the

255 views • 21 slides
INVESTOR PRESENTATION CONTACTLESS PAYMENTS 2020 OTCQX: OTIVF This presentation may contain

INVESTOR PRESENTATION CONTACTLESS PAYMENTS 2020 OTCQX: OTIVF This presentation may contain

YOUR POINT OF INVESTOR PRESENTATION CONTACTLESS PAYMENTS 2020 OTCQX: OTIVF This presentation may contain forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995 and other Federal securities laws.

363 views • 18 slides
Eavesdropping Near Field Contactless Payments: A Quantitative Analysis Thomas P. Diakos 1 Johann

Eavesdropping Near Field Contactless Payments: A Quantitative Analysis Thomas P. Diakos 1 Johann

Introduction Eavesdropping Antennas Experimental Work Results Conclusions Eavesdropping Near Field Contactless Payments: A Quantitative Analysis Thomas P. Diakos 1 Johann A. Bri ff a 1 Tim W. C. Brown 2 Stephan Wesemeyer 1 1 Department of

616 views • 46 slides
Explaining International IT Application Leadership: Contactless Mobile Payments Presenters:

Explaining International IT Application Leadership: Contactless Mobile Payments Presenters:

November 17, 2009 Explaining International IT Application Leadership: Contactless Mobile Payments Presenters: Robert Atkinson, President, ITIF Stephen Ezell, Senior Analyst, ITIF Respondents: David Jeppsen, Vice President, NTT DOCOMO USA

599 views • 11 slides
U.S. Mobile Payments Mark MacCarthy November 2009 U.S. Market: Contactless Visa PayWave

U.S. Mobile Payments Mark MacCarthy November 2009 U.S. Market: Contactless Visa PayWave

U.S. Mobile Payments Mark MacCarthy November 2009 U.S. Market: Contactless Visa PayWave MasterCard PayPass American ExpressPa Issuers Merchants Convenience, speed Limited deployment 2 U.S. Market: Mobile POS

248 views • 10 slides
paying for e -Commerce would be as easy, secure and inexpensive as using contactless cards at

paying for e -Commerce would be as easy, secure and inexpensive as using contactless cards at

What if paying for e -Commerce would be as easy, secure and inexpensive as using contactless cards at point of sale? Presentation for CeBIH Risto Savolainen Founder CEO, iAxept Ltd THE PROBLEM: CARD NOT PRESENT E -COMMERCE PAYMENTS

682 views • 18 slides
Intellectual Property and Contactless Card Innovations ICMA North American Workshop

Intellectual Property and Contactless Card Innovations ICMA North American Workshop

Intellectual Property and Contactless Card Innovations ICMA North American Workshop September 30 - October 1, 2014 THE HOSPITALITY MARKET OVERVIEW 14.5 M hotel rooms &gt;750 M key cards/year issued with 100 M contactless

416 views • 19 slides
More than payments ePassi Payments ePassi mobile payments ePassi Fringe Benefits Sport

More than payments ePassi Payments ePassi mobile payments ePassi Fringe Benefits Sport

More than payments ePassi Payments ePassi mobile payments ePassi Fringe Benefits Sport &amp; Culture 2008 Commuting 2013 Lunch 2014 Wellbeing 2015 General payments Alipay 2016 Siirto 2018

321 views • 17 slides
Contactless Palmprint Identification Ajay Kumar Department of Computing The Hong Kong

Contactless Palmprint Identification Ajay Kumar Department of Computing The Hong Kong

IAPR/IEEE Winter School on Biometrics, Shenzhen 12 th January, 2020 Contactless Palmprint Identification Ajay Kumar Department of Computing The Hong Kong Polytechnic University, Hong Kong Contactless Palmprint Identification Applications

891 views • 51 slides
Contactless Mobile Services February 2010 1 Introduction (1/2) The next generation of

Contactless Mobile Services February 2010 1 Introduction (1/2) The next generation of

Contactless Mobile Services February 2010 1 Introduction (1/2) The next generation of telephones will provide contactless services. Mobile usages Emulation of other smartcards NFC Technology Transport Transport Payment Payment

473 views • 26 slides
UNIFIED PAYMENTS AT A GLANCE DEAR MERCHANT, WELCOME TO UNIFIED PAYMENTS! At Unified Payments,

UNIFIED PAYMENTS AT A GLANCE DEAR MERCHANT, WELCOME TO UNIFIED PAYMENTS! At Unified Payments,

UNIFIED PAYMENTS AT A GLANCE DEAR MERCHANT, WELCOME TO UNIFIED PAYMENTS! At Unified Payments, we strive to make our customers our #1 priority. Running a busi - ness is already complicated enough, we're here to make it easier for you so that

105 views • 9 slides
FEDERAL RESERVE BANK OF CHICAGO 2008 PAYMENTS CONFERENCE PAYMENTS FRAUD: PAYMENTS FRAUD:

FEDERAL RESERVE BANK OF CHICAGO 2008 PAYMENTS CONFERENCE PAYMENTS FRAUD: PAYMENTS FRAUD:

FEDERAL RESERVE BANK OF CHICAGO 2008 PAYMENTS CONFERENCE PAYMENTS FRAUD: PAYMENTS FRAUD: PERCEPTION VS. REALITY Duncan Douglass Partner Partner Alston &amp; Bird LLP 1201 W. Peachtree Street Atlanta, GA 30309-3424 (404) 881-7768

367 views • 7 slides
Using Digital Payments to Curb the Covid-19 Pandemic Camilo Tellez-Merchan Digital Payments

Using Digital Payments to Curb the Covid-19 Pandemic Camilo Tellez-Merchan Digital Payments

Using Digital Payments to Curb the Covid-19 Pandemic Camilo Tellez-Merchan Digital Payments Innovation Hub May 14 2020 WWW.BETTERTHANCASH.ORG AGENDA 2 Digital Payments as Frontline Response Building Trust and making Payments Responsibly

423 views • 13 slides
TAKING PAYMENTS ECOSYSTEM CAPABILITIES TO THE NEXT LEVEL- FOCUS ON DIVERSITY Payments New

TAKING PAYMENTS ECOSYSTEM CAPABILITIES TO THE NEXT LEVEL- FOCUS ON DIVERSITY Payments New

TAKING PAYMENTS ECOSYSTEM CAPABILITIES TO THE NEXT LEVEL- FOCUS ON DIVERSITY Payments New Zealand- November 2016 PRESENTED BY: KRISTY DUNCAN WOMEN IN PAYMENTS, FOUNDER &amp; CEO PRESENTATION OVERVIEW Where are we now on gender diversity?

633 views • 16 slides
Are Mobile Payments Safe? Talk About Payments Webinar October 5, 2017 Dave Lott Payments Risk

Are Mobile Payments Safe? Talk About Payments Webinar October 5, 2017 Dave Lott Payments Risk

Are Mobile Payments Safe? Talk About Payments Webinar October 5, 2017 Dave Lott Payments Risk Expert Federal Reserve Bank of Atlanta The views expressed in this presentation are those of the presenters and do not necessarily reflect the views

508 views • 37 slides
The he F Fut uture o of Payments Doug King and David Lott, Payments Risk Experts February 16,

The he F Fut uture o of Payments Doug King and David Lott, Payments Risk Experts February 16,

ECONv Nversa satio ions The he F Fut uture o of Payments Doug King and David Lott, Payments Risk Experts February 16, 2017 For the latest news: frbatlanta.org/subscribe Trends in noncash payments 2000-2015, by number Billions 70

568 views • 8 slides
IETA Post-COP23 Webinar 20-21 November 2017 ANTITRUST GUIDELINES FOR IETA It is IETAs policy

IETA Post-COP23 Webinar 20-21 November 2017 ANTITRUST GUIDELINES FOR IETA It is IETAs policy

IETA Post-COP23 Webinar 20-21 November 2017 ANTITRUST GUIDELINES FOR IETA It is IETAs policy to comply fully with all applicable laws, including competition and antitrust laws. IETA has developed a Competition Policy to govern the conduct of

386 views • 12 slides
How does Wind affect Coal (Cycling, Emissions and Cost)

How does Wind affect Coal (Cycling, Emissions and Cost)

How does Wind affect Coal (Cycling, Emissions and Cost) Cycling Cycling is the opera1on of thermal electric generators at varying load levels

385 views • 13 slides
NRAM D Defines a a New C Categor gory o of Memory C Class S ss Storage Bill Gervasi

NRAM D Defines a a New C Categor gory o of Memory C Class S ss Storage Bill Gervasi

NRAM D Defines a a New C Categor gory o of Memory C Class S ss Storage Bill Gervasi Principal Systems Architect 11 April 2019 2 NR NRAM Technol ology ogy Value Te Test Propos osition on Results ts Age genda Marke

487 views • 29 slides
General Reporting Protocol version 2.1 Public Comment Webinar Webinar audio: 213-929-4232

General Reporting Protocol version 2.1 Public Comment Webinar Webinar audio: 213-929-4232

General Reporting Protocol version 2.1 Public Comment Webinar Webinar audio: 213-929-4232 Access code: 548-534-007 1 Logistics To ask questions: Type your question into the question box on your control panel Questions will be

598 views • 28 slides
Chip card sidelight on lightweight crypto Marc Girault CARDIS 2014 5-7 November 2014 Contents

Chip card sidelight on lightweight crypto Marc Girault CARDIS 2014 5-7 November 2014 Contents

Orange Labs Caen Chip card sidelight on lightweight crypto Marc Girault CARDIS 2014 5-7 November 2014 Contents 1. Back to 1985 Why 1985 ? Public phones Cryptology 2. Prepaid phone cards Background T1G T2G

786 views • 47 slides
SMART CARDS IN LINUX AND WHY YOU SHOULD CARE Jakub Jelen Red Hat jjelen@redhat.com PRIVATE

SMART CARDS IN LINUX AND WHY YOU SHOULD CARE Jakub Jelen Red Hat jjelen@redhat.com PRIVATE

SMART CARDS IN LINUX AND WHY YOU SHOULD CARE Jakub Jelen Red Hat jjelen@redhat.com PRIVATE KEYS, CERTIFICATES: WHAT ARE THEY USED FOR? PRIVATE KEYS, CERTIFICATES: WHAT ARE THEY USED FOR? Email signatures &amp; encryption SSH authentication

708 views • 34 slides
PART TWO - NOT FOR PROFIT CONFERENCE UBIT and 990 Update NFP Governance NFP A&amp;A Update Cyber

PART TWO - NOT FOR PROFIT CONFERENCE UBIT and 990 Update NFP Governance NFP A&amp;A Update Cyber

July 21, 2020 PART TWO - NOT FOR PROFIT CONFERENCE UBIT and 990 Update NFP Governance NFP A&amp;A Update Cyber Security PPP Q&amp;A Formed in 1967 through the merger of two firms with histories dating back to the 1920s, we are a full service

1.26k views • 97 slides
Overview of the COGO Report Card GAO Report to Congress Geospatial Data Act of 2015 Stephen D.

Overview of the COGO Report Card GAO Report to Congress Geospatial Data Act of 2015 Stephen D.

Session 6H: Overview of the COGO Report Card GAO Report to Congress Geospatial Data Act of 2015 Stephen D. DeGloria ASPRS COGO Delegate (15) ASPRS Immediate Past President (14 - 15) sdd4@cornell.edu ASPRS 2015 Annual Conference

592 views • 42 slides

More recommend